See this page as a slide show
First web server, CERN
- All web stuff is done with URLs (URLs, URIs, URNs—not going there).
- A URL is scheme:info. Examples:
- There are scores of schemes registered:
- Web browsers use HTTP & HTTPS application-level protocols.
- These are TCP protocols on ports 80 & 443.
- Use HTTPS!
- HTTP is unencrypted. Anybody can see what you’re doing.
- HTTP is unsigned. Its contents can be replaced
or modified anywhere en route, and you wouldn’t know.
- Downloading software? I hope that nobody in the middle altered it!
Fetching a web page
Let’s fetch this web page:
- Translate www.cs.colostate.edu to 220.127.116.11 via DNS.
- Make a TCP connection to 18.104.22.168 at port 443 (HTTPS).
- Send an HTTP request through the socket, which looks like …
Fetching a web page
Send an HTTP request:
GET /~ct320/Fall18/Lecture/WWW HTTP/1.1
If-Modified-Since: Mon, 25 Jun 2018 15:32:52 UTC
User-Agent: CCBot/2.0 (https://commoncrawl.org/faq/)
The response from the web server looks like this:
HTTP/1.1 200 OK
Date: Wed, 19 Sep 2018 00:52:17 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux)
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
<title>CT320 | Lecture / WWW</title>
- The response can be in many different formats.
- A popular format is HTML, which has tags, e.g.,
I <strong>love</strong> My Little Pony!
- It’s your browser’s job to translate that HTML to a good-looking
display on the screen.
- The network doesn’t care about any of this. It just delivers the
bits from the server to the browser.
Browsing Security Considerations
- The HTTPS payload (request & response) is encrypted, going both ways.
- However, IP source & destination numbers are in the IP packet, so everybody
knows that I’m talking to www.cs.colostate.edu.
- However, nobody knows that I’m asking for the CT320 WWW lecture.
- What will be revealed if you fetch
- Chrome: Incognito
- Firefox: Private
- Internet Explorer: InPrivate
- What does it actually do?
- It doesn’t affect what you send or receive from the Internet at all.
- It limit evidence is kept in your browser.
- It saves you from your spouse, but not from the FBI.
- Routers see all IP addresses, port numbers, and DNS requests.